<?php
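session_start();
/*
 * Creates a parent account on behalf of a logged-in administrator, records it
 * in the users and parents tables, then e-mails the login details to the parent.
 * Non-administrator users are redirected to their own index page.
 *
 * Session variables:
 * $_SESSION['type'] [string] = user type of the logged in user
 * $_SESSION['authorised'] [boolean] = whether or not the current user is logged in
 * $_SESSION['parent_lastname'] [string] = parent's lastname
 * $_SESSION['parent_firstname'] [string] = parent's firstname
 * $_SESSION['parent_middlename'] [string] = parent's middlename
 * $_SESSION['parent'] [string] = parent's username/email (cleared on success)
 * $_SESSION['parent_pass'] [string] = parent's password (cleared on success)
 * $_SESSION['tcname'] [string] = tutorial centre name used in the welcome e-mail
 * $_SESSION['error'] [string] = message shown by admin_alert.php (written here)
 *
 * POST fields read: email, street_add1, street_add2, city_add, gender, birthday,
 * birthmonth, birthyear, contact_num, pass1, accType.
 *
 * Security notes:
 * - Every value reaches SQL as a bound parameter (pg_query_params). The earlier
 *   addslashes(pg_escape_string()) stacking corrupted stored values and is not a
 *   reliable defence; the e-mail field and the session values were not escaped at all.
 * - NOTE(review): the password is stored and e-mailed in clear text. Hashing it
 *   (password_hash/password_verify) needs a matching change in the login code,
 *   which is not visible from this file, so it is flagged rather than changed.
 * - NOTE(review): the mail account credentials are hard-coded below. Move them to
 *   configuration outside the web root and rotate the exposed password.
 * - NOTE(review): no anti-CSRF token is checked before this state-changing
 *   request; confirm whether one is enforced elsewhere.
 */
if(isset($_SESSION['authorised']) && $_SESSION['authorised'] == true)
{
    if(isset($_SESSION['type']))
    {
        if($_SESSION['type'] == 'administrator')
        {
            // Returns $source[$key] as a string, or '' when it is missing or not a
            // scalar (e.g. an array submitted as field[]), so later string
            // functions and bound parameters always receive a string.
            $stringFrom = function (array $source, $key) {
                return (isset($source[$key]) && is_scalar($source[$key])) ? (string) $source[$key] : '';
            };

            // Stops processing and sends the administrator to the alert page.
            $failWith = function ($text) {
                $_SESSION['error'] = $text;
                header('Location:admin_alert.php');
                exit();
            };

            $lastname = $stringFrom($_SESSION, 'parent_lastname');
            $firstname = $stringFrom($_SESSION, 'parent_firstname');
            $middlename = $stringFrom($_SESSION, 'parent_middlename');
            $username = trim($stringFrom($_POST, 'email'));
            $stadd1 = strtoupper($stringFrom($_POST, 'street_add1'));
            $stadd2 = strtoupper($stringFrom($_POST, 'street_add2'));
            $city = strtoupper($stringFrom($_POST, 'city_add'));
            $gender = strtoupper($stringFrom($_POST, 'gender'));
            $birthday = $stringFrom($_POST, 'birthday');
            $birthmonth = strtoupper($stringFrom($_POST, 'birthmonth'));
            $birthyear = $stringFrom($_POST, 'birthyear');
            $contact_num = $stringFrom($_POST, 'contact_num');
            $password = $stringFrom($_POST, 'pass1');
            $acctype = strtolower($stringFrom($_POST, 'accType'));

            // The username doubles as the mail recipient, so reject anything that
            // is not a well-formed address (this also rules out CR/LF in the value).
            if(filter_var($username, FILTER_VALIDATE_EMAIL) === false)
            {
                $failWith('Invalid e-mail address');
            }

            // Kept after the input reads, as in the original, because the file's
            // contents are not visible here. Presumably opens the default
            // PostgreSQL connection used by the pg_* calls below - confirm.
            include('connection.inc');

            $result = pg_query_params('SELECT 1 FROM users WHERE username = $1', [$username]);
            if($result === false)
            {
                $failWith('Could not check the username');
            }

            if(pg_num_rows($result) >= 1)
            {
                $failWith('Username already exists');
            }
            else
            {
                // Both rows are written in one transaction so a failed parents
                // insert does not leave an orphaned users row behind.
                pg_query('BEGIN');

                $sql = 'INSERT INTO users (username, password, usertype, lastname, firstname, middlename, streetAdd1, streetAdd2, cityAdd, contactNum, gender, birthday) '
                     . "VALUES (\$1, \$2, \$3, \$4, \$5, \$6, \$7, \$8, \$9, \$10, \$11, to_date(\$12, 'DD MON YYYY'))";
                $result = pg_query_params($sql, [
                    $username,
                    $password, // NOTE(review): clear-text password, see header comment
                    $acctype,
                    $lastname,
                    $firstname,
                    $middlename,
                    $stadd1,
                    $stadd2,
                    $city,
                    $contact_num,
                    $gender,
                    "$birthday $birthmonth $birthyear",
                ]);

                $result1 = false;
                if($result !== false)
                {
                    $result1 = pg_query_params('INSERT INTO parents (username) VALUES ($1)', [$username]);
                }

                if($result === false || $result1 === false)
                {
                    pg_query('ROLLBACK');
                    $failWith('Could not create the account');
                }

                pg_query('COMMIT');

                $tutorial_centre = $stringFrom($_SESSION, 'tcname');

                $message = "Hi $firstname!\r\n\r\n";
                $message .= "Welcome to Tutorial Business Management System! \r\n";
                $message .= "\r\n\r\nYour are now registered  in $tutorial_centre as $acctype\r\n";
                $message .= "\r\nYour username is $username.\r\n";
                // NOTE(review): sends the password in clear text over e-mail.
                $message .= "Your password is $password.";
                $message .= "\r\n\r\nThanks, \r\n\r\n";
                $message .= "TBMS team \r\n";

                require_once('class.phpgmailer.php');
                $mail = new PHPGMailer();
                // NOTE(review): hard-coded mail credentials, see header comment.
                $mail->Username = 'cs192tbms@gmail.com';
                $mail->Password = 'notnamed';
                $mail->From = 'cs192tbms@gmail.com';
                $mail->FromName = 'CS 192 TBMS Group';
                $mail->Subject = 'Welcome to Tutorial Business Management System';
                $mail->AddAddress($username);
                $mail->Body = $message;
                // Delivery stays best-effort, as before: the account already exists.
                $mail->Send();

                // Drop the temporary credentials held in the session.
                unset($_SESSION['parent'], $_SESSION['parent_pass']);
                header('Location:admin_create_student2.php');
                exit();
            }
        }
        elseif($_SESSION['type'] == 'student')
        {
            header('Location: student_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'tutor')
        {
            header('Location: tutor_index.php');
            exit();
        }
        elseif($_SESSION['type'] == 'parent')
        {
            header('Location: parent_index.php');
            exit();
        }
    }
}
else
{
    // Not logged in: send the visitor to the login page and stop, matching the
    // other redirects in this file.
    header('Location: index.php');
    exit();
}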
?>
